The newly discovered vulnerability CVE-2024-0762, known as “UEFIcanhazbufferoverflow,” affects the Phoenix SecureCore UEFI firmware used in various Intel Core desktop and mobile processors. This vulnerability, disclosed by cybersecurity researchers, exposes a critical buffer overflow issue within the Trusted Platform Module (TPM) configuration, potentially allowing malicious actors to execute unauthorized code. Eclypsium, a supply chain security firm, identified this flaw through its automated binary analysis system, Eclypsium Automata.
The vulnerability affects multiple generations of Intel Core processors, including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake. Because OEMs use this firmware widely across those processor families, UEFIcanhazbufferoverflow has the potential to impact a broad array of PC products on the market. The issue arises from insecure handling of a UEFI variable within the TPM configuration, specifically the TCG2_CONFIGURATION variable, which leads to a buffer overflow and can allow an attacker to execute arbitrary code.
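The article does not show the affected code, so the block below is an added illustration (not Phoenix's code and not from the article) of the defensive pattern for reading a UEFI variable such as TCG2_CONFIGURATION into a fixed buffer: the caller initialises DataSize from its own buffer size, so a variable that has grown larger than the buffer is rejected instead of being copied past its end. The in-memory variable store, the GetVariable stub with its simplified signature, the 16-byte buffer size and the 0xA5 fill pattern are all constructed so the code compiles and runs outside firmware.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Minimal stand-ins for the UEFI status codes this pattern needs. */
typedef unsigned long EFI_STATUS;
#define EFI_SUCCESS          0UL
#define EFI_BUFFER_TOO_SMALL 5UL
#define EFI_NOT_FOUND        14UL
/* Constructed in-memory store holding one variable, so the code runs outside
   firmware; on a real system the variable lives in SPI flash. */
static struct { size_t size; uint8_t data[128]; } g_tcg2_config;

/* Stub with the UEFI GetVariable contract: if *DataSize is too small, report the
   required size and return EFI_BUFFER_TOO_SMALL without touching Data. */
static EFI_STATUS GetVariable(const char *name, size_t *DataSize, void *Data) {
    if (strcmp(name, "TCG2_CONFIGURATION") != 0) return EFI_NOT_FOUND;
    if (*DataSize < g_tcg2_config.size) {
        *DataSize = g_tcg2_config.size;
        return EFI_BUFFER_TOO_SMALL;
    }
    *DataSize = g_tcg2_config.size;
    memcpy(Data, g_tcg2_config.data, g_tcg2_config.size);
    return EFI_SUCCESS;
}

/* Bounded read: DataSize starts from the caller's own buffer size, never from a
   size reported by an earlier query, so an oversized variable is rejected. */
int read_tcg2_config(uint8_t *buf, size_t buf_len, size_t *out_len) {
    size_t size = buf_len;
    EFI_STATUS st = GetVariable("TCG2_CONFIGURATION", &size, buf);
    *out_len = (st == EFI_SUCCESS) ? size : 0;
    return (st == EFI_SUCCESS) ? 0 : -1;   /* 0 on success, -1 if rejected */
}

/* Demo: load a constructed variable of var_len bytes, then read it into a
   16-byte stack buffer. Returns the bytes read, or -1 if it was rejected. */
long read_into_16_byte_buffer(size_t var_len) {
    uint8_t buf[16];
    size_t got;
    if (var_len > sizeof g_tcg2_config.data) var_len = sizeof g_tcg2_config.data;
    g_tcg2_config.size = var_len;
    memset(g_tcg2_config.data, 0xA5, var_len);
    return read_tcg2_config(buf, sizeof buf, &got) == 0 ? (long)got : -1;
}

int main(void) {
    long ok = read_into_16_byte_buffer(8), rejected = read_into_16_byte_buffer(40);
    printf("%ld %ld\n", ok, rejected);   /* prints "8 -1" */
    return 0;
}
```

The check that matters is the single line `size_t size = buf_len;`: whatever an attacker with write access to the variable store has placed in TCG2_CONFIGURATION, the call can never write more than the buffer holds.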
Phoenix Technologies promptly responded to the disclosure by assigning CVE-2024-0762 to the vulnerability and releasing patches on May 14, 2024, to mitigate the issue. The severity of the vulnerability is reflected in its CVSS score of 7.5, indicating a high-risk threat. This incident underscores the importance of UEFI architecture security, as UEFI firmware plays a critical role in device initialization and system runtime operations, making it a prime target for persistent access and control by attackers.
The UEFIcanhazbufferoverflow vulnerability also highlights the challenges of supply chain security, where vulnerabilities in upstream components can cascade across multiple vendors and products. Organizations are advised to use comprehensive scanning tools to identify affected devices and promptly apply vendor-supplied firmware updates. For enterprises relying on potentially impacted devices, proactive measures include deploying solutions to continuously monitor and assess device integrity, helping mitigate risks associated with older devices and ensuring ongoing protection against firmware-based vulnerabilities.